Declaring field types.

I've got a box running Kibana and Elasticsearch, with the information being handed across by fluentd. It's all working pretty well, and I've moved on to pushing Windows events through - which is where I'm struggling.

I'm using nxlog on a Windows machine, and it's pushing the data directly to Elasticsearch - unfortunately I cannot for love nor money get the date to be handled as a date, rather than a string; the nxlog output is:

I create a new index with a pattern of `windowsevents*`, but the *EventTime* field is stated as a string, not a date - so I can't sort data by age. *@timestamp* clearly isn't getting populated, as the *timestamp* field isn't being used. Has anyone used a similar setup? Is there a way to push the data on as a date?

Apologies if I've missed out pertinent information - it's all a bit new to me.
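The usual way to get *EventTime* treated as a date is to declare the mapping before the first document arrives (a dynamic mapping guesses `string` once and keeps it), and to copy the parsed value into *@timestamp* so Kibana's time picker and age sorting work. The block below is an added example, not part of the original post or of nxlog/Elasticsearch themselves: it builds a composable index template for `windowsevents*` indices and normalises an event the way a small shipper-side hook would. It assumes nxlog emits *EventTime* as `YYYY-MM-DD HH:MM:SS` in UTC (the post's actual output is not shown, so check a real record), and the `SAMPLE_EVENT` is constructed.

```python
import json
from datetime import datetime, timezone

# ASSUMPTION: nxlog EventTime layout; confirm against a real record before use.
NXLOG_EVENTTIME_FORMAT = "%Y-%m-%d %H:%M:%S"
# Elasticsearch date format string (Java-style pattern). Several accepted
# layouts are chained with "||" so ISO-8601 or epoch values still index.
ES_DATE_FORMAT = "yyyy-MM-dd HH:mm:ss||strict_date_optional_time||epoch_millis"


def windows_events_template():
    """Composable index template (PUT _index_template/windowsevents) that
    maps EventTime and @timestamp as dates for every windowsevents* index."""
    return {
        "index_patterns": ["windowsevents*"],
        "template": {
            "mappings": {
                "properties": {
                    "EventTime": {"type": "date", "format": ES_DATE_FORMAT},
                    "@timestamp": {"type": "date"},
                }
            }
        },
    }


def is_date_field(template, field):
    """True if the template maps `field` with type date."""
    props = template["template"]["mappings"]["properties"]
    return props.get(field, {}).get("type") == "date"


def normalise_event(event):
    """Parse EventTime (assumed UTC) and copy it into @timestamp as ISO-8601.
    Unparseable values are left untouched so the event is not lost; the
    document will then show up in Kibana without a time and can be hunted down."""
    doc = dict(event)
    raw = doc.get("EventTime")
    if raw is None:
        return doc
    try:
        ts = datetime.strptime(raw, NXLOG_EVENTTIME_FORMAT).replace(tzinfo=timezone.utc)
    except ValueError:
        return doc
    doc["@timestamp"] = ts.isoformat().replace("+00:00", "Z")
    return doc


# Constructed sample event in the assumed nxlog shape.
SAMPLE_EVENT = {
    "EventTime": "2016-03-01 09:15:30",
    "Hostname": "WIN-EXAMPLE",
    "EventID": 4624,
    "Channel": "Security",
}

if __name__ == "__main__":
    print(json.dumps(windows_events_template(), indent=2))
    print(json.dumps(normalise_event(SAMPLE_EVENT), indent=2))
```

Apply the template with `PUT _index_template/windowsevents` (Elasticsearch 7.8 or later; on older clusters the same `mappings` body goes into a legacy `_template` instead), then create a fresh index or reindex: an existing index keeps its string mapping, which is the usual reason the field "stays" a string after the template is added.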